CVE-2022-39259 LOW

CVE-2022-39259: Jadx-gui subject to Denial of Service via Swing HTML rendering

Vendor Skylot

Product jadx

Weakness CWE-20 · Input validation

Published October 21, 2022

Last update April 22, 2025

View on NVD All CVEs

CVSS base score

3.3/10

Attack vector Local

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality None

Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

What the vulnerability does

01Description

jadx is a set of command line and GUI tools for producing Java source code from Android Dex and Apk files. versions prior to 1.4.5 are subject to a Denial of Service when opening zip files with HTML sequences. This issue has been patched in version 1.4.5. There are no known workarounds.

Key dates

02Disclosure timeline

October 21, 2022 CVE published

April 22, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-39259 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/20.html

Related vulnerabilities

CVE-2022-39259: Jadx-gui subject to Denial of Service via Swing HTML rendering

01Description

02Disclosure timeline

03References

04Related CVE